| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] Checkpoint Platform
- To: [email protected]
- Subject: Re: [FW-1] Checkpoint Platform
- From: "Burton, Chris" <[email protected]>
- Date: Thu, 6 Nov 2003 10:29:40 -0800
- Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
- Sender: Mailing list for discussion of Firewall-1 <[email protected]>
- Thread-index: AcOkfZdZnGAlofViQ5yONAEh4RlrrwAFRW0Q
- Thread-topic: [FW-1] Checkpoint Platform
I have not had any experience with the Alteon platform, but I
prefer Linux over Solaris since we can leverage more experience with the
Intel based hardware, also the total cost is lower than with Solaris,
and the performance of Linux over Solaris is great in some areas and not
so great in others depending on the hardware platform chosen and what
the firewall is actually doing (VPN, Security Server, or it is just a
Firewall).
That being said, since Redhat has decided to roll the standard
Redhat distribution into the Fedora project and only support/distribute
the Redhat Enterprise editions that really leaves a lot of people in the
lurch not just Checkpoint but other vendors also.
I have heard unconfirmed rumors that Redhat v3.0 will be
supported by Checkpoint sometime next year; but, that does most people
running Redhat 7.2/7.3 no good since support contracts for Redhat end on
12/31/03. Platform choice all comes down to what your budget is and
what you are comfortable with deploying in you network based on
experience, and available support (internal and external).
Chris Burton
Network Engineer
Walt Disney Internet Group: Network Services
-----Original Message-----
From: ade [mailto:[email protected]]
Sent: Thursday, November 06, 2003 7:30 AM
To: [email protected]
Subject: Re: [FW-1] Checkpoint Platform
Hi all,
Nortel ASF (Alteon Switched Firewall) is a firewall based on Alteon
switch.
It is made of 2 parts:
- an SFA (switch Firewall Accelerator) which is the Alteon switch
(10/100 or
GEth). These are ASICs based architecture (first generation offers 2 per
port + 2 central).
- one or several SFD (switch Firewall Director) which run CheckPoint.
Several SFD can be added in order to increase the performances.
Principle is to push the CheckPoint session table from the SFD onto the
SFA
in order to profit the ASIC performances to perform the packet
processing.
A new session is processed by the SFD. When this is done, later packets
from
this same session will be switched directly by the SFA, with no need to
reach SFD.
Depending on the model of SFD and SFA used and the CheckPoint release,
performances can reach high levels and price too ;-)
Regards,
Arnaud
-----Original Message-----
From: Shawn Behrens [mailto:[email protected]]
Sent: jeudi 6 novembre 2003 14:58
To: [email protected]
Subject: Re: [FW-1] Checkpoint Platform
> Has anyone had any experience with the Nortel Alteon Checkpoint
> firewall?
>
> We currently run it on a Solaris system and were looking at
> going to it or Linux (Red Hat) system. Any thoughts or suggestions?
Some observations:
Solaris, in my experience, is a well-performing FW-1 environment,
particulary when security servers come into play (dual-CPU helps, a
lot). We
use Solaris 8 64-bit and Solaris 9 64-bit in a "minimal" (core and then
reduced further) configuration.
What makes you wish to switch?
Red Hat Linux will work, but you can't get any Red Hat support. Existing
support contracts will run out shortly. See Red Hat's announcements. I
fervently hope that CheckPoint will recertify on Red Hat Enterprise
Linux v3
ES (although WS would probably work for them, too).
Shawn
Please note that:
1. This e-mail may constitute privileged information. If you are not the
intended recipient, you have received this confidential email and any
attachments transmitted with it in error and you must not disclose,
copy,
circulate or in any other way use or rely on this information.
2. E-mails to and from the company are monitored for operational reasons
and
in accordance with lawful business practices.
3. The contents of this email are those of the individual and do not
necessarily represent the views of the company.
4. The company does not conclude contracts by email and all negotiations
are
subject to contract.
5. The company accepts no responsibility once an e-mail and any
attachments
is sent.
http://www.integralis.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
|
|
